CVE Number: CVE-2025-61973

Title: Epic Games Store Installation DLL Hijacking Privilege Escalation Vulnerability

Summary: A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, which may result in unintended elevation of privileges.

Affected Versions: Epic Games Store 14.6.2.0

CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CWE: CWE-284 - Improper Access Control

Details:
- When Epic Games Store is installed via the Microsoft Store application, a vulnerable process involves , , and .
- The vulnerability arises because a folder is writable by standard users, allowing an attacker to replace with a malicious DLL.
- When loads the malformed , it executes with SYSTEM privileges.

Timeline:
- 2025-10-14: Initial Vendor Contact & Vendor Disclosure
- 2025-11-06: Vendor Patch Release
- 2026-01-15: Public Release

Credit: Discovered by KPC of Cisco Talos.
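
The condition described under Details (a folder writable by standard users, from which a SYSTEM process loads a DLL) can be audited with a check like the following. This is an added example, not code from the advisory or the vendor; the function name `Get-LowPrivWriteAce` is hypothetical and `$InstallDir` is a placeholder, because the advisory does not name the affected folder.

```powershell
# Added example, not vendor or Talos code.
# Lists ACEs that let a standard user plant or replace files at a path.
function Get-LowPrivWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs present in every standard user's token.
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # Rights that allow creating, replacing or deleting a file, or rewriting the ACL.
    $fsMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) can appear unmapped in an ACE.
    $mask = $fsMask -bor 0x10000000 -bor 0x40000000

    # Ask for rules keyed by SID so the check does not depend on localized account names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        if ($r.AccessControlType -ne 'Allow') { continue }
        $sid = $r.IdentityReference.Value
        if (-not $lowPriv.ContainsKey($sid)) { continue }
        if (([int]$r.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $lowPriv[$sid]
            Rights    = $r.FileSystemRights
            Inherited = $r.IsInherited
        }
    }
}

# Placeholder path: substitute the directory your installer actually loads DLLs from.
$InstallDir = 'C:\Path\To\InstallerWorkingDir'
if (Test-Path -LiteralPath $InstallDir) {
    # Check the folder itself and every DLL already in it.
    $dlls = Get-ChildItem -LiteralPath $InstallDir -Filter *.dll -File |
        ForEach-Object FullName
    @($InstallDir) + @($dlls) |
        ForEach-Object { Get-LowPrivWriteAce -Path $_ } |
        Format-Table -AutoSize
}
```

Any row returned means a standard user holds write-class access to the folder or a DLL in it. Deny ACEs are not evaluated, so confirm a hit against effective access before treating it as exploitable.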